With wu-ftpd-2.5.0-0.5.2 update RPM, when a guest or anonymous user logs out of the server, the logout is not reflected in wtmp, so 'last' shows 'still logged in' for these users.
*** Bug 3483 has been marked as a duplicate of this bug. *** A couple days ago, I upgraded my wu-ftpd package to: wu-ftpd-2.5.0-0.5.2 Now when I check my lastlog, using last -20 it shows ftp connections to my box as still open: (example) ftp ftp 98A718CA.ipt.aol Sun Jun 13 16:16 still logged in ftp ftp 98A718CA.ipt.aol Sun Jun 13 16:14 still logged in ftp ftp 98A718CA.ipt.aol Sun Jun 13 16:14 still logged in However, looking at netstat, these connections are closed, it appears that the closure of these connections is not being logged. I thought I would pass this along, so that it can get fixed. Sincerely yours, Christopher Martinsen Systems Manager Columbia Education Center
*** Bug 3925 has been marked as a duplicate of this bug. *** I have not tested this extensively, but I have noticed RH 6.0 (every update installed) wu-ftpd 2.5.0-2 not clearing utmp/wtmp properly with anonymous ftp logins. This can be noticed best with 'last', where every single anon login is 'still logged in'. Regular users work fine. I have not tested this extensively, but I guess the problem is quite widespread. I have changed GID 101 (console in my case) to 91 because GID's above 100 are in general use by our company but I don't think that affects anything since the group console doesn't even own any files in our system..
*** Bug 4124 has been marked as a duplicate of this bug. *** I run an anonftp server, and when I type `last' I see entries that are still logged on till the last reboot on July 19 (today is July 20). On the other hand, who seems to output correctly. Here is an example I am doing right now (July 20, 1:30 PM) $ last -R|grep "Jul 19"|grep still|tail ftp ftp Mon Jul 19 12:22 still logged in ftp ftp Mon Jul 19 12:21 still logged in ftp ftp Mon Jul 19 12:21 still logged in ftp ftp Mon Jul 19 12:20 still logged in ftp ftp Mon Jul 19 12:19 still logged in ftp ftp Mon Jul 19 12:08 still logged in mw pts/2 Mon Jul 19 12:07 still logged in mw pts/1 Mon Jul 19 12:03 still logged in mw pts/0 Mon Jul 19 12:03 still logged in ftp ftp Mon Jul 19 12:02 still logged in $ who mw pts/0 Jul 19 12:03 mw pts/1 Jul 19 12:03 mw pts/2 Jul 19 12:07 (:0) mw pts/3 Jul 19 14:39 (:0) It seems `last' never notices when an ftp login happens: In one xterm: $ ncftp moni.msci.memphis.edu In another xterm $ last -1|less ftp ftp moni.msci.memphi Tue Jul 20 13:43 still logged in In the first xterm: ncftp / > bye In the second xterm last -1|less ftp ftp moni.msci.memphi Tue Jul 20 13:43 still logged in and this entry will stay there forever (until the next reboot). Thx Mate Mate Wierdl ------- Additional Comments From mw.memphis.edu 07/20/99 14:55 ------- make it "last does not seem to notice when an anonftp logout happens" Mate Wierdl ------- Additional Comments From johnsonm 08/02/99 12:24 ------- Changed component to wu-ftpd because at first glance I think it might be a bug in the pamification of wu-ftpd. I haven't looked into it yet so I might be wrong... ------- Additional Comments From mw.memphis.edu 08/02/99 13:28 ------- Well, it seems that the command `who' does not note ftp logins at all. While I am logged in via ftp and telnet, I run who in two different ways: $ who mw ttyp1 Aug 2 13:09 (wierdlmpc.msci.memphis.edu) $ who /var/log/wtmp mw ttyp1 Aug 2 13:09 (wierdlmpc.msci.memphis.edu) mw ftpd31180 Aug 2 13:13 (wierdlmpc.msci.memphis.edu) The above certainly leaves it a mistery *what* file who checks for login info; according to `man who', it checks the nonexisting /etc/utmp file. Now here is the problem: even after I logout from ftp, I see $ who /var/log/wtmp mw ttyp1 Aug 2 13:09 (wierdlmpc.msci.memphis.edu) mw ftpd31180 Aug 2 13:13 (wierdlmpc.msci.memphis.edu) Let me add I noticed this both on a 5.2 and a 6.0 system. ------- Additional Comments From johnsonm 08/02/99 16:44 ------- Additional report from pam-list, posted by Alex Yu: > From: Gregory A Lundberg [lundberg+wuftpd] > Sent: Monday, August 02, 1999 4:24 PM > To: Alex Yu > Cc: WUFTPD Development Group > Subject: Re: FW: last and pam > > > A Debian maintainer is claiming much the same. > > After having read the code, and thinking about the state of the daemon at > the various points, I see three possible solutions: > > - live with it. It's broken and cannot be fixed. > > - use the -W command-line switch. That will prevent any FTP > sessions from > logging to wtmp. At least you'll be keeping your wtmp file clean. > > - give me a few minutes and I'll rip the entire pile of crap from the > source kit. That way there's no support at all for wtmp > logging. Then, > when we rewrite the daemon, maybe we can put the functions back in. > > As it is right now, I do not believe wtmp logging works correctly > for guest > or anonymous users. I do not believe it is even possible to make it work > correctly. So I'm recomending my third course of action as the > solution to > be incorporated in the 2.6.0. > > -- > > Gregory A Lundberg WU-FTPD Development Group > 1441 Elmdale Drive lundberg > Kettering, OH 45409-1615 USA 1-800-809-2195 ------- Additional Comments From johnsonm 08/03/99 11:27 ------- A patch is reported to be available at: ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/glibc.wtmp.patch ------- Additional Comments From johnsonm 08/03/99 12:37 ------- Mate reports in private email that the fix works for him. Thanks, Mate!
*** Bug 4610 has been marked as a duplicate of this bug. *** Versions not affected: 2.4.2b18-2.1 (RH 5.2?) 2.4.2vr17-3 (RH 6.0) Versions affected: 2.5.0-2 (RH 6.0 updates) how to duplicate. 1. enable anonymous ftp access. 2. login as anonymous 3. logout 4. type last -10 5. observe the output: ftp ftp localhost LOGIN_DATE still logged in. The "still logged in" shold not be there!
This is fixed by applying ftp://ftp.vr.net/pub/wu-ftpd/wu-ftpd/quickfixes/apply_to_2.5.0/glibc.wtmp.patch in wu-ftpd-2.5.0-4 from Raw Hide. Thanks for the patch.